owned this note
owned this note
Published
Linked with GitHub
# 20200521 notes for fedora 32 test day
NOTE: Fedora CoreOS has automated testing that covers many of the test
cases mentioned below. The value in the test day is to promote
awareness of FCOS, catch issues with documentation, catch issues
with user experience, and catch bugs not covered in automation/CI.
#### Advantages:
- see how many people attended and it worked for them (and not just failed and they filed bugs)
- find UX issues (people not understanding instructions, confusing command output)
- identify poor documentation
- reach more audience, let people know that FCOS exists
- convince people to try FCOS for the first time with some simple test cases
#### Notes:
- it might be a good idea to target the `next` stream in **all** testcases, in order to focus this test day fully on testing F32 stream
## Possible test cases (brainstorming):
#### Basics/newcomer:
- do a libvirt install
- https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/#_launching_with_qemu_or_libvirt
- do a bare metal install
- https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/
#### Advanced/existing FCOS user:
- run your existing deployment on `next` stream, see what happens
- exploratory testing - do whathever is possible in the system, play with it, try to break it or just explore unknown commands/features
- static networking config test case
- https://docs.fedoraproject.org/en-US/fedora-coreos/static-ip-config/
- complex partitioning test case:
- something like the examples in this section: https://docs.fedoraproject.org/en-US/fedora-coreos/fcct-config/#_file_systems
- convert [devconf lab guide](https://dustymabe.com/2020/01/23/devconf.cz-2020-fedora-coreos-lab/) into a test case(s)?
- more advanced install scenario
- https://dustymabe.com/2020/04/04/automating-a-custom-install-of-fedora-coreos/
- migrate your existing Container Linux deployment to FCOS next
## Standard YAML / Igninition file for testing
The best way to test all the scenarios would be to use a standard Ignition file. This file will need to include even a sample user key for user `core`. Below is such a YAML file that can be used by converting it into Iginition format. This is also a great place to add more things and make it comprehensive.
Note: This uses explicitly symlinks to certain systemd unit files. You can add additional ones that need to be run as particular user directly under User `core` home directory. But the included service unit files need to run as `root`. This model provides the user to update revisions of say, nginix without having to go into root directory and will hopefully be saved across automatic updates to FCOS.
```yaml
# author:
# - Shivaram Mysore^[Switchnomix Inc, shivaram.mysore@gmail.com]
variant: fcos
version: 1.0.0
passwd:
users:
- name: core
ssh_authorized_keys:
- ssh-rsa AAAAB3N...1LR7 mykey
storage:
files:
# allow the specified user to run `docker` as `root`, without a password.
# https://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/
- path: /etc/sudoers
overwrite: false
append:
- inline: |
core ALL=(ALL) NOPASSWD: /usr/bin/docker
mode: 0420
- path: /home/core/.bashrc
overwrite: false
append:
- inline: |
alias docker="sudo /usr/bin/docker"
alias podman="sudo /usr/bin/podman"
user:
name: core
group:
name: core
- path: /home/core/hello.service
overwrite: false
mode: 0644
contents:
source: data:text/plain;charset=iso-8859-7,%23%20Go%20Program%20%0A%23%20https%3A%2F%2Fgithub.com%2Fgolang%2Fexample%2Ftree%2Fmaster%2Fhello%0A%5BUnit%5D%0ADescription%3DMy%20Golang%20Hello%20Service%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D%2Fbin%2Fpkill%20gohello%0AExecStart%3D%2Fhome%2Fcore%2Fgohello%20%0AExecStop%3D%2Fbin%2Fpkill%20gohello
user:
name: core
group:
name: core
- path: /home/core/coredns.service
overwrite: false
mode: 0644
contents:
source: data:text/plain;charset=iso-8859-7,%23%20CoreDNS%20container%20image%20from%20DockerHub.%20%0A%23%20https%3A%2F%2Fdev.to%2Frobbmanes%2Frunning-coredns-as-a-dns-server-in-a-container-1d0%0A%5BUnit%5D%0ADescription%3DCoreDNS%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20kill%20dns-cntr%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20rm%20dns-cntnr%0AExecStart%3D%2Fusr%2Fbin%2Fpodman%20run%20%5C%0A%20%20%20%20%20%20%20%20%20%20--name%3Ddns-cntnr%20%5C%0A%20%20%20%20%20%20%20%20%20%20--network%3D%22host%22%20%5C%0A%20%20%20%20%20%20%20%20%20%20--volume%3D%2Fhome%2Fcore%2Fcoredns-conf%3A%2Froot%20%5C%0A%20%20%20%20%20%20%20%20%20%20coredns%2Fcoredns%3A1.6.9%20%5C%0A%20%20%20%20%20%20%20%20%20%20-conf%20%2Froot%2FCorefile%0AExecStop%3D%2Fusr%2Fbin%2Fpodman%20stop%20dns-cntnr
user:
name: core
group:
name: core
- path: /home/core/lb.service
overwrite: false
mode: 0644
contents:
source: data:text/plain;charset=iso-8859-7,%23%20nginx%3Aalpine%20container%20image%20from%20DockerHub.%20%0A%23%0A%5BUnit%5D%0ADescription%3DNginX%20Reverse%20Proxy%0A%0A%5BInstall%5D%0AWantedBy%3Dmulti-user.target%0A%0A%5BService%5D%0ATimeoutStartSec%3D0%0ARestart%3Dalways%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20kill%20lb-cntnr%0AExecStartPre%3D-%2Fusr%2Fbin%2Fpodman%20rm%20lb-cntnr%0AExecStart%3D%2Fusr%2Fbin%2Fpodman%20run%20%5C%0A%20%20%20%20%20%20%20%20%20%20--name%3Dlb-cntnr%20%5C%0A%20%20%20%20%20%20%20%20%20%20--network%3D%22host%22%20%5C%0A%20%20%20%20%20%20%20%20%20%20--volume%3D%2Fhome%2Fcore%2Flb-conf%3A%2Fetc%2Fnginx%2Fconf%20%5C%0A%20%20%20%20%20%20%20%20%20%20nginx%3A1.17.9-alpine%20%5C%0A%20%20%20%20%20%20%20%20%20%20nginx%20%5C%0A%20%20%20%20%20%20%20%20%20%20-c%20%2Fetc%2Fnginx%2Fconf%2Fnginx.conf%20%5C%0A%20%20%20%20%20%20%20%20%20%20-g%20%22daemon%20off%3B%22%0AExecStop%3D%2Fusr%2Fbin%2Fpodman%20stop%20lb-cntnr
user:
name: core
group:
name: core
# Disable SELinux
- path: /etc/selinux/config
overwrite: true
contents:
source: data:text/plain;charset=iso-8859-7,%23%20This%20file%20controls%20the%20state%20of%20SELinux%20on%20the%20system.%0A%23%20SELINUX%3D%20can%20take%20one%20of%20these%20three%20values%3A%0A%23%20%20%20%20%20enforcing%20-%20SELinux%20security%20policy%20is%20enforced.%0A%23%20%20%20%20%20permissive%20-%20SELinux%20prints%20warnings%20instead%20of%20enforcing.%0A%23%20%20%20%20%20disabled%20-%20No%20SELinux%20policy%20is%20loaded.%0ASELINUX%3Ddisabled%0A%23%20SELINUXTYPE%3D%20can%20take%20one%20of%20these%20three%20values%3A%0A%23%20%20%20%20%20targeted%20-%20Targeted%20processes%20are%20protected%2C%0A%23%20%20%20%20%20minimum%20-%20Modification%20of%20targeted%20policy.%20Only%20selected%20processes%20are%0A%23%20%20%20%20%20protected.%0A%23%20%20%20%20%20mls%20-%20Multi%20Level%20Security%20protection.%0ASELINUXTYPE%3Dtargeted%0A
mode: 0644
# Configure time.nist.gov time server as the first one
- path: /etc/chrony.conf
overwrite: true
contents:
source: data:text/plain;charset=iso-8859-7,%23%20Add%20AWS%20NTP%20Server%20to%20the%20top%20of%20the%20list%0Aserver%20time.nist.gov%20iburst%20prefer%0A%0A%23%20Use%20public%20servers%20from%20the%20pool.ntp.org%20project.%0A%23%20Please%20consider%20joining%20the%20pool%20(http%3A%2F%2Fwww.pool.ntp.org%2Fjoin.html).%0Apool%202.fedora.pool.ntp.org%20iburst%0A%0A%23%20Record%20the%20rate%20at%20which%20the%20system%20clock%20gains%2Flosses%20time.%0Adriftfile%20%2Fvar%2Flib%2Fchrony%2Fdrift%0A%0A%23%20Allow%20the%20system%20clock%20to%20be%20stepped%20in%20the%20first%20three%20updates%0A%23%20if%20its%20offset%20is%20larger%20than%201%20second.%0Amakestep%201.0%203%0A%0A%23%20Enable%20kernel%20synchronization%20of%20the%20real-time%20clock%20(RTC).%0Artcsync%0A%0A%23%20Enable%20hardware%20timestamping%20on%20all%20interfaces%20that%20support%20it.%0A%23hwtimestamp%20*%0A%0A%23%20Increase%20the%20minimum%20number%20of%20selectable%20sources%20required%20to%20adjust%0A%23%20the%20system%20clock.%0A%23minsources%202%0A%0A%23%20Allow%20NTP%20client%20access%20from%20local%20network.%0A%23allow%20192.168.0.0%2F16%0A%0A%23%20Serve%20time%20even%20if%20not%20synchronized%20to%20a%20time%20source.%0A%23local%20stratum%2010%0A%0A%23%20Specify%20file%20containing%20keys%20for%20NTP%20authentication.%0Akeyfile%20%2Fetc%2Fchrony.keys%0A%0A%23%20Get%20TAI-UTC%20offset%20and%20leap%20seconds%20from%20the%20system%20tz%20database.%0Aleapsectz%20right%2FUTC%0A%0A%23%20Specify%20directory%20for%20log%20files.%0Alogdir%20%2Fvar%2Flog%2Fchrony%0A%0A%23%20Select%20which%20information%20is%20logged.%0A%23log%20measurements%20statistics%20tracking%0A
mode: 0644
# Disable FCOS pinger to report or collect information
# https://github.com/coreos/zincati/blob/master/docs/usage/configuration.md
- path: /etc/fedora-coreos-pinger/config.d/99-disable-reporting.toml
overwrite: false
contents:
source: data:text/plain;charset=iso-8859-7,%5Breporting%5D%0Aenabled%20%3D%20false
mode: 0644
# Configure Autoupdate
# Default settings are located in /usr/lib/zincati/config.d/ directory
- path: /etc/zincati/config.d/10-enable-feature.toml
overwrite: false
contents:
source: data:text/plain;charset=iso-8859-7,%5Bfeature%5D%0Aenabled%20%3D%20true
mode: 0644
# Add symlinks for systemd services residing in /home/core/*service
links:
- path: /etc/systemd/system/hello.service
overwrite: false
target: /home/core/hello.service
hard: false
- path: /etc/systemd/system/coredns.service
overwrite: false
target: /home/core/coredns.service
hard: false
- path: /etc/systemd/system/lb.service
overwrite: false
target: /home/core/lb.service
hard: false
systemd:
units:
- name: extrapkgs.service
enabled: true
contents: |
[Unit]
Description=Install extra packages only once
[Service]
Type=oneshot
ExecStart=rpm-ostree install unzip whois tree
[Install]
WantedBy=multi-user.target
- name: hello.service
enabled: true
- name: lb.service
enabled: true
- name: ccoredns.service
enabled: true
```
## Testcase drafts
See the proposed Test Day Result page here:
http://testdays.fedorainfracloud.org/events/84
See the Test Day wiki page here:
https://fedoraproject.org/wiki/Test_Day:Fedora_32_CoreOS
#### Virtual install
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_virtual_install
#### Bare Metal install
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_baremetal_install
#### Static networking
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_static_networking
### Complex partitioning
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_complex_partitioning
#### Upgrades & Downgrades
1. Upgrade from previous {Stable, Testing} to new release {Stable} - Bare metal, AWS, Digital ocean
2. Downgrade new release {Stable} to previous release {Stable} - Bare metal, AWS
3. Create a standard igition file with systemd unit files, overlayed packages such as unzip, whois, login keys, a few common containers such as Nginx and fcct with some systemd enabled, some started and some disabled, some oneshot. This way, most of the Day0 problems are tested.
4. Use PXE/TFTP, ISO {CD, USB Flash} methods to install and upgrade testing
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_switch_stream
(needs more separate test cases to accomodate use cases listed above)
#### Documentation
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_Documentation
#### Container Linux migration
See (and edit):
https://fedoraproject.org/wiki/User:Sumantrom/Draft/Testcase_CoreOS_ContainerLinux_migration